3PMobile Blog

All over the globe, citizens are opting for big (behavior) changes. People feel disenfranchised. They feel they have lost their voice, and identity, and that their elected officials have done nothing to protect their rights, culture, jobs, quality of life or privacy.

In England, it was Brexit. In the US, it was the election of a businessman to the Presidency, in the EU it is the GDPR privacy regulation and for the Internet it’s the Do Not Track standard.

Here’s an article from 2014 on How much is your personal data worth?Link Your ‘lack of privacy’ and your inability to change your behavior form ‘Accept & Continue’ has created tremendous value for your data ($$$€€€) in the marketplace.

What happens then when a ‘switch’ is made available to the populous that allows my voice to be heard and offers me a chance to change my behavior?

Very soon Do Not Track will become a standard. Here’s an example of what you can expect to see in your browser…

I am the Swamp Ville Gazette, and I need some exceptions to your DNT=0.

Are you willing to give me a general site-wide exception for all embedded third-parties?

The Elephant and the Rider: Inside each of us (Me) there is an emotional side the Elephant, and the rational side the Rider.

Path The notion that if you want someone (Me) to change, then you must guide Me along a familiar path like my current environment.

The single act of presenting the populous with the Swamp Ville Gazette scenario daily will overwhelm them and emotionally force them to disconnect. It will ‘undo’ the behavior (Accept and Continue) which has created value for very large companies, and turn it into something else.

The Enterprise Times just wrote an article – Businesses beginning to panic over GDPR (Link). It talks about how businesses could go out of business by not complying.

It’s an excellent article — but in my humble opinion it misses the bigger picture. GDPR and Do Not Track are not just about the business, they’re about behavior change at the populous level.

Privacy is about to become a populist movement.

Why? Because it can, because Accept and Continue is going to be replaced with meaningful consent based on My Choices.

Compliance is a necessity — but something else is about to become an even bigger necessity?

Recapturing customers that you have lost due to a behavior change.

Imagine the value to your business if overnight 30% of your customer decided not to accept and continue. What happens to your stock price? What happens to your growth curve?

GDPR: The Story of Me and the Cost of Healthcare

Let’s start with a definition of engagement as in patient engagement… Merriam-Webster defines it as an emotional involvement or commitment. We know that change is required to reduce the cost of care, however when we examine the key stakeholders in the ecosystem we find some major emotional barriers.

The Elephant and the Rider: Inside each of us (Me) there is an emotional side the Elephant, and the rational side the Rider.

N of 1. (link) An n-of-1 experiment is the smallest study you could possibly do: one that involves just a single subject – Me.

Path The notion that if you want someone (Me) to change, then you must guide Me along a familiar path like my current environment.

The image above the title reveals the issues — there are two ME’s in this equation… Me (the Corporate Healthcare Organization) and Me the patient. Corporations act as giant individuals.

They are designed for one thing — executing on a repeatable business model. And for the most part they do it exceptionally well.

Where they struggle is innovation. Why? Partly because there’s so much of it bombarding them it can be overwhelming. But, more importantly, established policies, procedures and shared beliefs often bias decision making — ‘Culture trumps Strategy’. “Unfortunately, change struggles to take hold until a crisis forces its adoption. Until then change remains elusive.”

Now let’s visit the personal Me, N of 1, the Patient. I suffer from the same problem. Our lives are overwhelming, there’s no time to sit and contemplate as we rush from one thing to another. When overwhelmed, and particularly when the symptoms appear years after my diagnosis, as is often the case with many chronic conditions, I simply choose not to start.

It takes less energy and I can rationalize I have time to change when things calm down (which they never do). Emotion has trumped logic.

In both cases the Elephant is in control, and the Rider, be it the Corporation or the Individual, is confused, overwhelmed, or simply in denial. They lack the ability, or perhaps the tools, to change to or navigate along a new Path.

Three years ago, we were approached by a large health organization — they gave us a simple problem… Figure out how to lower the cost of healthcare?

I pondered the question for a moment, and because I was an “objective outsider” and didn’t know what I didn’t know, I simply answered, “Insure more healthy people.” It seemed obvious to me… well, “Who knew healthcare could be so complicated?” (Laugh)

And yet after three years of research my answer is still the same — insure more healthy people. But not by cutting off insurance to them. By making more people healthier. Now, for that to happen we need change.

Which leads us to the next question, which we’ll explore in my next post…

How can we use technology to deliver something familiar and friendly for the Elephant (emotional) and simple and personalized for Rider (logical and rational), which can guide people (and corporations) on a path to better health and financial outcomes?

Is it even possible for innovation to remove the barriers to change instead of creating new ones?

GDPR: Meaningful Choices Lead to Meaningful Change – How to Get There

The Elephant and the Rider: Inside each of us (Me) there is an emotional side the Elephant, and the rational side the Rider.

N of 1. (link) An n-of-1 experiment is the smallest study you could possibly do: one that involves just a single subject – Me.

Path The notion that if you want someone (Me) to change, then you must guide Me along a familiar path like my current environment.

Now let’s look at how to get there (Meaningful Change).

We need to start with what is familiar and simple for the individual. As every one of us understands the “App for that” concept let’s begin there. We now run into our first problem when it comes to GDPR and Consent. Each person, will make individual selections when it comes to consent (Accept and Continue is no longer a viable option).

Consent has turned into My Choices, individualizing me to the content provider, telling them not to treat me as a generic person anymore if you want me to remain engaged.

In fact, the more you can engage with me on an individual basis the greater the value of my data to your business. But how do we more fully engage people through technical means?

Individuals make better decisions when presented with meaningful choices. Choices that are based on our unique needs — as they change in the moment. The only way to know what choices to deliver to each person is to treat them as an individual person, not just a data subject.

To solve the problem of, “How do we get there?” required an innovation leap. We needed something new, but also familiar and simple. We couldn’t overwhelm the rider or the elephant instincts in all of us, otherwise the individual would resist the change.

We started by asking ourselves two questions:

“Why doesn’t the Web know Me?”

“What is the most familiar and simple to use App in the world?”

That gave us our starting point — the browser. From there, we set about improving it, not replacing it with yet another, “App for that.” We added a feature to it that allows the individual to share their choices (consent) in a secure and private manner with the content provider. The individual always remains in control of the collection, flow, use and assignment of their private data as it should be.

With access to this new “choice” data, the content provider could individualize each person’s navigation in a meaningful way. One that guides me down my unique path of least resistance to a mutually beneficial interaction for us. And to ensure that IT could also follow us down their best path, we enabled the Apps navigation menus to be programmed using simple HTML commands.

The result is that all the stakeholders’ needs are met: My experience changes to reflect my current needs and choices, content providers have more contextual data about me and Internet standards and Web service approaches remain intact, reducing stress on IT.

By focusing on Me, and innovating, rather than replacing the current web standard, we minimize disruption and maximum impact.

In closing there is one other item to consider – The Network Effect. Which is the effect that one user of a good or service has on the value of that product to other people (Source).

Each individual now sets up their own network effect as they engage with the content provider. The simplest example would be healthcare — the more data I share with you, the better you can guide me on a daily path to better health. It sets up its own financial and healthy rewards for all the stakeholders.

GDPR: Meaningful Consent or Meaningful Choice? Which is more valuable?

There’s something curiously comforting in a single choice… Accept and Continue. It’s a choice without a choice. If you wish to continue you must Accept. The Path is clear – the consumer is going in your direction!

On May 25, 2018, that all changes. With the enforcement of GDPR we go from no choice to meaningful consent. I wonder if anyone has sat down and thought about the psychological changes that will be introduced with more choices to consent to?

This weekend I started reading – – “Switch: How to Change Things When Change Is Hard by Chip Heath and Dan Heath: link”

It is absolutely fascinating… you get to learn about the Elephant and the Rider inside each of us. The emotional side is the Elephant and our rational side is the Rider. As you can imagine while the Rider has some control when the Elephant takes over, it’s literally over.

To change someone’s behavior you’ve got to change the person’s situation. For example, you can send someone to rehab but when the treatment is over and they return to their original environment how do you sustain the change?

Well, it turns out that you’ve got to influence not only their environment but their hearts and minds (the Elephant and the Rider).

So where am I going with this? Let’s contrast and compare – Meaningful Consent versus Meaningful Choice. The two are polar opposites.

GDPR mandates Meaningful Consent – which is really nothing more than a list of items to consent to. They are generic, designed for N number of people. But something strange is about to happen…

Meaningful consent will be turned into Meaningful Choices. As each individual scans the list they will choose differently. Something designed for N number of people will actually return an Individual’s choice.

We call this designed for N of 1. (link) An n-of-1 experiment is the smallest study you could possibly do: one that involves just a single subject – Me.

When I turn meaningful consent into meaningful choice it becomes a N of 1 experiment.

Something else also happens — something that you wouldn’t expect. When presented with a single choice – Accept and Continue the Path is clear to the Rider. When presented with multiple consents the Path is confusing to the Rider.

GDPR will bring confusion as meaningful consent turns into meaningful choices. If you want to get an individual “N of I” to change you will not only have to change their environment, but also influence their hearts and minds by providing a clear path that aligns both the Elephant AND the Rider.

What does this all translate to? Well studies have shown that when presented with more choices the ‘Path’ for the Rider to choose from is no longer clear. In fact, it becomes even more confusing. Ultimately the Elephant in us takes over and the results are no longer truly quantifiable. Essentially N of 1 (the Individual) reverts to generic N.

This translates into a loss of value to your business. For those businesses that solve the N of 1 problem you will be able to align the hearts and minds of your customers and therefore the meaningful choice is far more valuable than meaningful consent.

All that remains now is the “How”? As in, how do you go from N of 1 to 1 to N?

GDPR’s mandate calls for innovative technology to transform the market.

The rule of thumb is that if you want to be transformative and reap the benefits of that transformation, you must focus on creating a new market with innovation where none existed before e.g. Amazon, Google, Facebook. But what happens when a market “vision” is created for you without the technical innovation to make it accessible?

In my opinion, with the first recital of GDPR “The protection of natural persons in relation to the processing of personal data is a fundamental right,” a brand-new market has been envisioned. The EU wants to become a market that is person-centric rather than brand/retailer-centric. In this new market, the focus shifts to the power of my data and my control over that data. It truly is a market of Me.

Before pointing to the needed technical innovation to enable GDPR to be truly transformative, let’s take a trip back in time to see what has transformed markets in the past:

Roughly 30 years ago we ushered in the Internet. For the first time the world was truly connected. The invention of the browser and its user interface (hyperlinks) simplified navigation so you could click your way around the world. There was no defined business model other than for sharing data.

That all changed in 1994 with the arrival of Netscape and SSL which added the ability to sell physical goods securely on the Internet. The consumer value proposition was convenience, money in exchange for physical goods. Netscape was the initial leader who created the innovation (remember those e-commerce servers?), but it was Amazon that transformed the market by seeing the opportunity to move away from the physical store and create a digital store front.

The second market transformation occurred a few years later in 1998. This time a technology innovation was tied into the creation of a market ripe for transformation (Advertising) by a single company, Google. The simple search box (user interface) simplified the underlying complexity of searching the web. The transformative event tied that user interface to advertising-supported search. The consumer value proposition was free services in exchange for business defined data use.

A third market transformation occurred in 2004 when Facebook created an innovative user interface to share your social network. Just as search told Google more about you, your social network told Facebook even more about you. This transformed the data into a form of digital currency that transformed businesses into ecosystems.

All these transformations developed with minimal input from the consumer and little understanding of the data collection, flow and use that powers these massive economic engines. The current Internet business marketplace has become one-sided where consumers are viewed as users, not customers and have no ability to negotiate the value of their data. Consumers are now beginning to realize the inequity of the relationship.

In April 2016, the EU enacted the General Data Protection Regulation (GDPR) as a sustainable solution to rebalance the scales, returning privacy back to the consumer. It starts with Recital (1):

“The protection of natural persons in relation to the processing of personal data is a fundamental right.”

In May 2018, the GDPR begins imposing significant fines on global businesses who do not comply with new data consent standards. This single regulatory act, instead of a new technological advancement, is the driving force behind the transformation to a consumer-centric marketplace. To innovate in a market that is person-centric versus brand/retailer-centric, we must think differently if we want to maintain and grow the digital ecosystem.

The above examples reveal that all the previous sustainable market transformations relied on a common innovation – the user interface. E-commerce, search and message board technologies all existed, but the market transformations were made possible by making the complex simple and easy to use.

A new innovative user interface is needed to give consumers the ability to provide trust-based consent and negotiate the value of their data in real time. It must be simple enough to convert their preferences and choices into something that the Internet understands to seamlessly integrate into vast digital market ecosystems.

Essentially, with such a user interface, consumers would become a retailer of their own data to be shared with the businesses they trust. It would shift the current one-sided model, where consumers have no choice in how their data is used, to a market where their ability to choose gives them the real-time negotiating power they experience in the physical world — based upon the value of their data. It transforms the digital marketplace into a more human marketplace with greater opportunities for everyone.

Now comes the hard part. Where are the tools to upgrade the Internet and enable this transformation?

GDPR is going to break advertising on the Internet.

Oh My!

You are in for a treat now. Without making this too complicated let’s consider the problem of obtaining consent from Ad Bidders in real time

Every ad is bid on – so therefore PRIOR to the ad being delivered, the website (data processor/data controller) does NOT know what bidders may later ‘pop up’ out of an auction (see the headline image).

This causes multiple problems:

The user needs to consent to an auction without knowing who is going to win the bid (Hmmm, does a consumer even know about bids?)

The auction needs to constrain data disclosure to the highest bidder only and allow for a right to be forgotten request – while the losing bidders need to ‘forget about me’ instantly

The user needs to learn about the identity and the compliance policy of the highest bidder – ALL before consenting

What could possibly go wrong you ask yourself?

Can you imagine the confusion for the consumer as they try and sort this out on their mobile phones/mobile apps/mobile browsers ONLY to be faced with the same thing all over again on their other devices?

GDPR is going to break advertising on the Internet without REAL innovation.

As a company, we try to remain politically neutral, but on the topic of privacy, we simply cannot sit back and watch our rights be dismantled and our online lives sold to the highest bidder.

For our U.S. followers, please contact your Congressional Representative in the remaining hours of the day and urge them to vote NO tomorrow on SJ Res 34, which rolls back the FCC’s rule on securing customer permission before selling their data. It is an affront to our constitutional privacy protections. And because of how it’s been submitted by the senate, once voted in, it is nearly impossible to reverse, should the real impact become transparent to everyone.

Since our business is built upon retaining consumer choice and privacy, this resolution is particularly alarming. We are not opposed to digital advertising or the selling of data. We simply believe that each consumer has the right to determine with whom and for what purpose their online metadata is shared and used.

The right to privacy is FUNDAMENTAL. The ISPs, Phone Companies and big platform companies can make the “it’s only metadata” argument all day long, but this metadata about where we search, and who we text and call, and what sites we visit, is the context that defines the patterns of our lives. That is why it is so valuable to not only advertisers, but also to governments and even to campaigns, where social media data and behavioral algorithms were used in the Brexit initiative and the last U.S. election to hyper-target citizens in a way that is tantamount, in our opinion, to manipulation – far beyond the usual “marketing” influence of most consumer packaged goods companies.

This bill is subject to the Congressional Review Act, which basically means, that it is impossible to reverse, once voted in. Tell Congress to vote NO on Tuesday 9/28/17

This caught my eye this morning – CNIL launched today a public consultation on data breaches, profiling and consent under the GDPR. It’s open until 23 March. https://lnkd.in/ewUf-G3

Looks interesting so I clicked on the link. I was taken to this page:

You may be thinking so what? But it was something else that really caught my eye. Did you notice the message at the top of the page? The one that mentions ‘cookies’?

I spotted the word ‘cookies’ but have no idea what the message is asking me to do. Other than the fact that there’s an option to click on a radio button at the end of the message.

So how does this relate to GDPR? It goes a lot deeper than you think. Article 3 Clause 2 of the GDPR states the following:

Territorial scope:

This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not

This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) The monitoring of their behaviour as far as their behaviour takes place within the Union.

This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

Let’s dig in a little. I checked the settings in my browser and it’s transmitting the following: HTTP_ACCEPT_LANGUAGE=”en-us” — translated this means that my browser sent a message to the website that I would like to receive the page in English. This should be the first clue that I’m located out of the member country. Secondly, the website should have looked at my location (a topic for another day). As far as I know, it did neither.

What it did do immediately is add two cookies to my browser — even before I’ve accepted them! So, I personalized the page by indicating my desire for NO cookies. I then refreshed the page after deleting the cookies. I then checked local storage and guess what? The cookies were reappeared.

So far, if this was about GDPR compliance they would have failed. They have failed to recognize my location, my preferred language, and they did not respect my consent.

GDPR is far stricter than cookie consent. Obtaining meaningful consent is a MUST, not a SHOULD or a MAY. What seems to be missing from the equation at the moment is what LANGUAGE should the consent be in. The clue to that comes from the browser – HTTP_ACCEPT_LANGUAGE=”en-us” — after that, it is the job of the data processor to show me a consent page that is in English if they want to continue offering a service.

Conclusion – GDPR, by virtue of it’s territorial scope, will need to consider language as part of meaningful consent.